Home
HIGH: 7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
2024 November Security Update (custom) before 2024 November Security Update
affected
2022 SU6 November Security Update (custom) before 2022 SU6 November Security Update
affected
Description
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Product status
2024 November Security Update (custom) before 2024 November Security Update
2022 SU6 November Security Update (custom) before 2022 SU6 November Security Update
References
forums.ivanti.com/...November-2024-for-EPM-2024-and-EPM-2022